Network Security
Re: dsniff
- From: Dug Song
- Date: Tue Jun 27 07:09:05 2000
On Mon, 26 Jun 2000, Russ Gillis wrote:
> I have no experience with dsniff, but on the surface it would seem that
> switching is still the answer - layer 3 switching i.e. routing. If the
> resources are in a different subnet than the end-users, then packets would
> have to go through a default gateway to get to the host. The workstations
> will be arping for the default gateway and not the host.

in this scenario, i'd just arp redirect the default gateway to all hosts
on the LAN, which works just fine (dsniff supports a one-way half duplex
TCP reassembly mode, so you'd only have to see client traffic).

there are other ways to intercept traffic at higher layers, including good
old ICMP redirects, and esp. the recent windows IRDP vulnerability.

something else i've considered (but haven't actually written up) is VLAN
sniffing on big Cisco switches by forging ISL messages. there are probably
many other ways to accomplish this...

-d.
---
http://www.monkey.org/~dugsong/
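
A defender-side check for the gateway ARP redirection described in the reply above, as an added example that is not part of the original message: it parses ARP frames and alerts when the default gateway's IP is claimed by a different MAC. The addresses, frame bytes and function names are constructed for illustration.

```python
import struct

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip

def watch(frames, pinned):
    """Flag ARP frames that move an IP to a new MAC; pinned = {ip: known-good mac}."""
    seen, alerts = dict(pinned), []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, sender_mac, sender_ip = parsed
        known = seen.setdefault(sender_ip, sender_mac)  # learn on first sight
        if known != sender_mac:
            if sender_ip in pinned:
                alerts.append((index, "pinned-changed", sender_ip, sender_mac))
            else:
                alerts.append((index, "binding-changed", sender_ip, sender_mac))
                seen[sender_ip] = sender_mac  # track the latest claim
    return alerts

def sample(sender_mac, sender_ip, op=2):
    """Constructed test frame: broadcast Ethernet header plus ARP body."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    spa = bytes(int(part) for part in sender_ip.split("."))
    header = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return b"\xff" * 6 + sha + header + sha + spa + b"\x00" * 6 + spa

# Constructed traffic (documentation address ranges, not from the original post).
GATEWAY = {"192.0.2.1": "00:00:5e:00:53:01"}
FRAMES = [
    sample("00:00:5e:00:53:01", "192.0.2.1"),
    sample("00:00:5e:00:53:10", "192.0.2.10", op=1),
    sample("00:00:5e:00:53:66", "192.0.2.1"),  # conflicting claim for the gateway
]

if __name__ == "__main__":
    for alert in watch(FRAMES, GATEWAY):
        print(alert)
```

Pinning the gateway entry means a conflicting claim is reported every time it appears, while unpinned hosts are only reported when their binding changes.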